2 matches found
CVE-2020-29556
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection...
CVE-2020-29556
CVE-2020-29556 (Grav CMS) : The Backup functionality in Grav CMS up to 1.7.0-rc.17 enables an attacker to read arbitrary local files on the server via path traversal. The issue can be exploited by an unauthenticated attacker due to missing CSRF protection. This is supported by Red Hat and vulnera...